The Bugcrowd crowdsourcing platform launched Bugcrowd University, an educational platform for security researchers that aims to contribute to the development of bug hunting skills
Bugcrowd University (BCU) was developed with the aim of promoting the development and education of security professionals, sharing the latest technologies and contributing to the development of bug hunting skills. As the name suggests, it is an initiative of Bugcrowd, a recognized crowdsourcing platform in the field of security that links security researchers to companies and/or developers in order to analyze products for bugs prior to launching them on the market (or after launch) and avoid being victims of vulnerability exploits. Bugcrowd is also well known for coordinating bug bounty programs for several of the most recognized brands worldwide.
Each module of Bugcrowd University focuses on techniques and strategies that Bugcrowd believes can represent a huge opportunity for the success of researchers who participate in bug bounty programs.
The first of the five modules launched focuses on web hacking. As published on their website, they have raised content pointing to a high standard. Each module also includes references to external sites with additional information prepared by IT security professionals.
They will be adding more modules to Bugcrowd University over the coming months, and are using the platform to invite the IT security community to comment on the types of content they are interested in. The webinars available are set out below.
There are 5 webinars available
There are currently five webinars available. The first is an introduction to Bugcrowd University where they explain what BCU is, how the modules are structured, the basis of the rewards programs, how the laboratory works, prerequisites, tools, and resources. Jason Haddix explains each of these points in the video below.
This webinar explains some key points in the process of finding flaws and how to create a good submission from the vulnerability discovered, which includes preparing effective reports.
Defined by Open Web Application Security Project (OWASP) as access control, and sometimes called authentication, security testing and access control attempts to determine how a web app achieves access to content and the functions of some users and not others. This webinar is, among other things, an introduction to the prevailing types of access control bugs.
The fourth webinar available is about Cross Site Scripting (XSS). This vulnerability is one of the most common bugs on the internet. As explained on the platform, this type of error can be very powerful, especially when combined with other vulnerabilities and techniques. This webinar presents the history of XSS and what can be done with this vulnerability.
Burp is a suite of tools for testing web applications. It is really helpful for pentesters and bug hunters.